ESA Problems

Unanswered Question
Mar 26th, 2008

Hi,
Can somebody show me some configuration steps with the following setup?

Email Security : C350
Mail Server : PostFix 2.0
Firewall : STONEGATE




Kindly advise me some quick setup or HOW-TO's on the firewall and postfix inorder for my C350 to work properly.

Common issues were REJECTED by RAT although everything is ok

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kluu_ironport Wed, 03/26/2008 - 19:10

For receiving mail:

1. Make sure the domains that you receive mail for are all added in the recipient access table (rat). [Mail policies > Reicpient access table]

2. Make sure there are corresponding smtp routes to deliver those domains correctl. [Network > SMTP Routes]



For relaying/delivering mail from the Postfix:

1. Make sure the IP of the postfix server is added to the relaylist of the Ironport. [Mail policies > Hat overview]. If you select the listener that the Postfix server will connect to. Add the IP of your postfix server to the Relaylist sendergroup.



Helpful kb articles.

1. What does "Reject by RAT" mean?

http://tinyurl.com/2k46uu

2. Setting up a relay of outbound traffic from an internal source.

To set up the IronPort to relay your outbound mail just create a new
Mail Flow Policy (GUI->Mail Policies->Add Policy...). In the drop-down
menu 'Connection Behavior:' select 'Relay'. Set the other values
according to your needs. Then create a new SenderGroup in your HAT
(GUI->Mail Policies->HAT Overview->Add Sender Group...). Place it on top
of your HAT (Order=1), assign your new Relay Policy to it and click on
'Submit and Add Senders'. In the 'Sender' field add your mailservers.
Submit, Commit, Test. That should be it...




Hi,
Can somebody show me some configuration steps with the following setup?

Email Security : C350
Mail Server : PostFix 2.0
Firewall : STONEGATE




Kindly advise me some quick setup or HOW-TO's on the firewall and postfix inorder for my C350 to work properly.

Common issues were REJECTED by RAT although everything is ok
angfeglandagan Fri, 03/28/2008 - 09:35

Thank you Kluu, i did already the configuration basically on the RAT/HAT.

Can you advise me on any configuration on the POSTFIX side? and the STONEGATE Firewall? like policies or translations to be created?

Im kinda confused on the rules/natting if there are any..

Thank you so much for the help..

kluu_ironport Mon, 03/31/2008 - 07:21

Maybe another user who currently has a stonegate and/or postfix environment can chime in.

But honestly, I haven't configured the stonegate FW myself to send mail from the internet or mailserver to the Ironport appliance. For the Ironport to receive inbound smtp traffic, the two common methods are:

1. via MX records and a public IP to the Ironport machine.
2. via the Firewall IP and then NATTing the external traffic to the Ironport's internal ip address.

As for the specifics, you may need to look through that product's reference guide or contact their support.

----

The above pertains to inbound/internet traffic. It's very similar for internal machines to relay mail. Again, you would need to look at the reference guide of Postfix, but basically, you would modify the outbound delivery to point to the Ironport appliance instead of the default gateway.

----

What other problems or specific errors are you running into with respect to the Ironport appliance. Is it relaying internal mail for some machines and others?

angfeglandagan Thu, 04/03/2008 - 04:15

I was able to trace the problem usign the mxtoolbox then figured out that the reason why it was rejected was that the mail server had two ip addresses and that i only add the first ip on the RAT..didnt include the other ip..

thanks for the posts....and advise..

Actions

This Discussion